Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-11-06 | CVE-2017-16636 | Cross-site Scripting vulnerability in Bludit 1.5.2/2.0.1 | In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context. | 5.4 |
2017-11-06 | CVE-2017-16635 | Cross-site Scripting vulnerability in Tinywebgallery 2.4 | In TinyWebGallery v2.4, an XSS vulnerability is located in the `mkname`, `mkitem`, and `item` parameters of the `Add/Create` module. | 5.4 |
2017-11-06 | CVE-2017-14025 | Improper Input Validation vulnerability in Hitachienergy Fox515T Firmware 1.0 | An Improper Input Validation issue was discovered in ABB FOX515T release 1.0. | 5.5 |
2017-11-06 | CVE-2017-14023 | Improper Input Validation vulnerability in Siemens Simatic Pcs7 and Simatic Wincc | An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. | 4.9 |
2017-11-06 | CVE-2017-14016 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advantech Webaccess | A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. | 6.3 |
2017-11-06 | CVE-2017-15306 | NULL Pointer Dereference vulnerability in Linux Kernel | The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a KVM_CHECK_EXTENSION KVM_CAP_PPC_HTM ioctl call to /dev/kvm. | 5.5 |
2017-11-06 | CVE-2017-7425 | Cross-site Scripting vulnerability in Netiq Imanager 3.0.3.2 | Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2. | 6.1 |
2017-11-06 | CVE-2015-7878 | Cross-site Scripting vulnerability in Taxonomy Find Project Taxonomy Find | Cross-site scripting (XSS) vulnerability in the Taxonomy Find module 6.x-2.x through 6.x-1.2 and 7.x-2.x through 7.x-1.0 in Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via taxonomy vocabulary and term names. | 5.4 |
2017-11-06 | CVE-2017-16569 | Open Redirect vulnerability in Zurmo CRM 3.2.1.57987Acc3018 | An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an http: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting. | 4.8 |
2017-11-06 | CVE-2017-16564 | Cross-site Scripting vulnerability in Grandstream Ht802 Firmware | Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field (P148). | 5.4 |